2011/11/6 Nick Daly <[email protected]>:
> No disrespect to either of the above governments intended, I was
> ironically referring to the fact that there's no way I can know who has
> what interest in faking which certificates. After reading "Certified
> Lies" (and installing Cert Patrol [0]) I worry less about the majority
> of SSL MITM attacks and primarily about country-specific attacks. I
> actually forgot SSL's issues were bigger than country-specific concerns,
> since I'm less vulnerable to those types of attacks.

Of course. But the country-specific attacks are country specific not because of where the cert comes from, but because of where the routers are. :-)

In order to MITM you, the "bad guy" has to insert himself into your communication path and provide a valid cert. There are a few ways to do this (hack a router, DNS manipulation, etc.), but generally speaking you are at greatest risk from the infrastructure near you, or near the party you are communicating with.

PageKite runs servers in a few places (U.S., U.K. and Iceland), so if you are in the U.S. there is a good chance that you are only using U.S. infrastructure. Whether this is comforting or not depends on your threat model. :-)

--
Bjarni R. Einarsson
Founder, lead developer of PageKite.

Make localhost servers visible to the world: http://pagekite.net/

_______________________________________________
Freedombox-discuss mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
